A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak when closing SSL/TLS connections in a specific state. An attacker could exploit this vulnerability by establishing several SSL/TLS sessions and ensuring they are closed under certain conditions. A successful exploit could allow the attacker to exhaust memory resources in the affected device, which would prevent it from processing new SSL/TLS connections, resulting in a DoS. Manual intervention is required to recover an affected device.
2020-10-21T19:15:18.327
2024-11-21T05:31:20.360
Modified
CVSSv3.1: 8.6 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | adaptive_security_appliance | < 9.6 | Yes |
| Application | cisco | firepower_threat_defense | < 6.3.0.6 | Yes |
| Application | cisco | firepower_threat_defense | < 6.4.0.10 | Yes |
| Application | cisco | firepower_threat_defense | < 6.6.1 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.8.4.26 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.9.2.80 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.10.1.44 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.12.4.4 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.13.1.13 | Yes |
| Operating System | cisco | adaptive_security_appliance_software | < 9.14.1.19 | Yes |